[sr-dev] crash (segfault) on Kamailio master branch

Jason Penton jason.penton at gmail.com
Mon Oct 5 08:29:30 CEST 2015


Hey guys,

Not sure if there have been any changes but I have an interesting problem
here when using TCP:

*The BT is as follows:*

#0  local_timer_list_expire (h=0xa0f128 <tcp_reader_ltimer+178664>, t=723807134, l=0x9e3740 <tcp_reader_ltimer>) at local_timer.c:198
#1  local_timer_expire (t=723807134, h=<optimized out>) at local_timer.c:227
#2  local_timer_run (lt=lt@entry=0x9e3740 <tcp_reader_ltimer>, saved_ticks=723807150) at local_timer.c:250
#3  0x00000000005d8417 in tcp_reader_timer_run () at tcp_read.c:1682
#4  tcp_receive_loop (unix_sock=<optimized out>) at tcp_read.c:1734
#5  0x00000000005c81c8 in tcp_init_children () at tcp_main.c:4788
#6  0x00000000004a9da3 in main_loop () at main.c:1664
#7  0x000000000042411e in main (argc=<optimized out>, argv=<optimized out>) at main.c:2566

This seems to be related to clearing timers for TCP connections. The crash
is related to the following code:

*_timer_rm_list(tl)*

where it does a null pointer deref on tl->next and tl->prev, which,
according to the bt, are null (see below).

(gdb) print *tl
$14 = {next = 0x0, prev = 0x0, expire = 723807134, initial_timeout = 32,
data = 0x7fbbb05aa628, f = 0x5d02f0 <tcpconn_read_timeout>, flags = 512,
slow_idx = 0}

Any ideas?

Cheers
Jason
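
Added illustration, not part of the original message and not Kamailio code: a minimal circular timer list showing why an unlink that writes through tl->prev and tl->next faults on a node whose links are NULL, next to a guarded unlink that reports the condition instead. The struct, the function names and the double-removal scenario are constructed assumptions; the message does not state how the node came to have NULL links.

```c
/* Added illustration; not Kamailio source. All names are hypothetical. */
#include <stddef.h>

struct timer_ln {            /* simplified stand-in for the node gdb printed */
    struct timer_ln *next, *prev;
    unsigned int expire;
};

/* Circular list with a sentinel head: an empty list points at itself. */
static void list_init(struct timer_ln *head) { head->next = head->prev = head; }
static void list_append(struct timer_ln *head, struct timer_ln *tl) {
    tl->prev = head->prev;
    tl->next = head;
    head->prev->next = tl;
    head->prev = tl;
}

/* Unguarded unlink: stores through tl->prev and tl->next, so a node whose
 * links are NULL faults on the first store. */
static void unlink_unchecked(struct timer_ln *tl) {
    tl->prev->next = tl->next;
    tl->next->prev = tl->prev;
}

/* Guarded unlink: rejects a detached node and marks the node detached after
 * removal. Returns 0 on success, -1 if tl was not linked. */
static int unlink_checked(struct timer_ln *tl) {
    if (tl == NULL || tl->next == NULL || tl->prev == NULL)
        return -1;
    unlink_unchecked(tl);
    tl->next = tl->prev = NULL;
    return 0;
}

static int list_len(const struct timer_ln *head) {
    int n = 0;
    for (const struct timer_ln *p = head->next; p != head; p = p->next) n++;
    return n;
}

/* Constructed scenario: the same node is removed twice. Returns 0 if the
 * second removal is rejected and the list still holds the other node. */
int demo_double_remove(void) {
    struct timer_ln head, a = {0}, b = {0};
    list_init(&head); list_append(&head, &a); list_append(&head, &b);
    int first = unlink_checked(&a), second = unlink_checked(&a);
    return (first == 0 && second == -1 && list_len(&head) == 1) ? 0 : 1;
}
int main(void) { return demo_double_remove(); }
```

A guard like this turns the crash into a detectable error but does not explain why the node was detached; that still has to be traced in the code that owns the timer.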